Отправлено 22 Декабрь 2010 - 07:52
Отправлено 22 Декабрь 2010 - 10:22
Отправлено 22 Декабрь 2010 - 10:32
Отправлено 22 Декабрь 2010 - 10:44
Отправлено 22 Декабрь 2010 - 21:43
One Suggested from the support staff is
setsebool -P allow_execheap=1
Which is a bad thing because this is to all programs but this pretty much the only way to get dr web to work.
The other way is this I found in another forum
su -c 'cat /var/log/messages' | grep avc > (Name of file)
Then we do it again to refine the search for dr.web
su -c 'cat (Name of file)' | grep drweb > (Name of file refine for drweb)
There is always more than one avc so you must find the ones only to dr.web
Now to make a policy out of it
audit2allow -M (Whatever you want to call the policy) < (Name of file refine for drweb)
Now to install the policy
su -c 'semodule -i (name of policy).pp'
From there dr web should work fine. The only that gets to me since it generated a policy for dr web which you can view in vi or cat commands. It shows this(To view it cat (name of policy).te)
allow initrc_t self:process execheap;
allow unconfined_t self:process execheap;
Which is pretty much the same thing as the first one, but this a bit different I think. I believe the first workaround means its always on to allow execheap, the second workaround it only lets that process or program use until the process or program is done using it, but the only problem is if any other process or programs give that unconfined_t its pretty much having it turned on always. In other words it works for me.
Читают тему: 0
0 пользователей, 0 гостей, 0 скрытых